Mark George

Reputation: 69

Facebook Cancelled Permissions Redirect

So I'm having a bit of trouble when a user declines an app's permissions.

When the user accepts the permissions, they are redirected to the app just fine. When the user clicks Cancel/Decline, it should redirect them to the main Page, but instead it loops and asks them to accept the permissions again.

I am using the PHP API and the following is my code:

    // Development
    $app_id = 'XXXXXXXX';
    $app_secret = 'YYYYYYYYYY';

    $app_url = 'LINK_TO_FACEBOOK_PAGE_TAB';

    $cancelUrl = 'LINK_TO_FACEBOOK_PAGE';

    $GRAPH_URL = "https://graph.facebook.com/";

    $scope = 'publish_actions';

    // Init the Facebook SDK
    $facebook = new Facebook(array(
        'appId'  => $app_id,
        'secret' => $app_secret,
    ));

    // Get the current user
    $user = $facebook->getUser();

    // Get the users token
    $token = $facebook->getAccesstoken();

    // If the user has not installed the app, redirect them to the Login Dialog

    if(isset($_REQUEST['error']))
    {
        if(isset($_REQUEST['error_reason']) && $_REQUEST['error_reason']=='user_denied')
        {
            echo "<script>top.location.href='{$cancelUrl}'</script>";
        }
    }

    if (!$user) {
        $loginUrl = $facebook->getLoginUrl(array(
            'scope' => $scope,
            'redirect_uri' => $app_url,
            'display' => 'page',
        ));

        print('<script> top.location.href=\'' . $loginUrl . '\'</script>');

    }

Any assistance with this would be greatly appreciated.

Upvotes: 0

Views: 1944

Answers (1)

Igy

Reputation: 43816

You're doing this here:

if (!$user) {

If you don't want to redirect users who've already rejected the request, check for the presence of the error parameters Facebook uses to tell you the user has rejected the request, and don't send them back to the auth dialog if you see them.

At a very basic level, this should work and be easy to test provided your redirect_uri parameter in the login dialog brings the user back to the same page you're doing the user checking on:

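if (!$user) {
  // isset() avoids an undefined-index notice when Facebook sent no error parameters
  if (isset($_REQUEST['error_reason']) && $_REQUEST['error_reason'] == 'user_denied') {
    // explain why you need them to log in
  } else {
    $loginUrl = $facebook->getLoginUrl(array( [...]
  }
}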

Upvotes: 1
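
The check described in the answer, written out as an added example that is not part of the original question or answer. The helpers `next_step` and `top_redirect_script` are hypothetical names, not Facebook PHP SDK functions, and the URLs and request arrays are constructed sample values. The request parameters are controlled by whoever loads the page, so the code only compares them against a fixed string, redirects to configured URLs, and JSON-encodes the URL before placing it in the script.

```php
<?php
// Added example: next_step() and top_redirect_script() are hypothetical helpers,
// not part of the Facebook PHP SDK.

/**
 * Decide what to do for this request.
 * $request - request parameters ($_REQUEST in the question's code)
 * $user    - result of $facebook->getUser(); 0 when nobody is logged in
 */
function next_step(array $request, $user, string $loginUrl, string $cancelUrl): array
{
    if ($user) {
        return ['action' => 'run_app', 'url' => null];
    }
    // A declined dialog comes back to redirect_uri with error parameters.
    $denied = isset($request['error_reason'])
        && $request['error_reason'] === 'user_denied';
    if ($denied) {
        // Leave the auth flow; do not build another login redirect.
        return ['action' => 'redirect', 'url' => $cancelUrl];
    }
    return ['action' => 'redirect', 'url' => $loginUrl];
}

/** Build the top-frame redirect, JSON-encoding the URL so it cannot break out of the script. */
function top_redirect_script(string $url): string
{
    $js = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "<script>top.location.href={$js};</script>";
}

// Constructed sample values standing in for the question's placeholders.
$cancelUrl = 'https://www.facebook.com/EXAMPLE_PAGE';
$loginUrl  = 'https://www.facebook.com/dialog/oauth?client_id=XXXXXXXX&scope=publish_actions';

$cases = [
    'first visit'        => [[], 0],
    'declined'           => [['error' => 'access_denied', 'error_reason' => 'user_denied'], 0],
    'already authorised' => [[], 12345],
];
foreach ($cases as $label => [$request, $user]) {
    $step = next_step($request, $user, $loginUrl, $cancelUrl);
    echo $label, ': ', $step['action'], ' ', (string) $step['url'], "\n";
    if ($step['action'] === 'redirect') {
        echo '  ', top_redirect_script($step['url']), "\n";
    }
}
```

In the page itself, print the script for the chosen step and then `exit`, so that only one redirect is ever sent for a request.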
